Computer forensics is the discipline concerned with identifying, recovering, analyzing, and presenting data obtained from computers and digital platforms, and with giving opinions on that data (Kruse, 2002). Since it is an art rather than a science, its methodology relies on extensive domain knowledge and flexibility. The field is a relatively new discipline for the courts, and the existing laws used to prosecute computer-related crimes, like the related fields of forensics, are in a state of flux. New judicial rulings continue to shape how computer forensics is applied. The most preferred source in this area is the United States Department of Justice Cybercrime website, http://www.cybercrime.gov.
Although law enforcement stipulates various methodologies, they are fairly rigid and lack the flexibility found in the civil world. In this case, the computer purchased by Aaron Greene and the thumb drives belonging to Jo have to be analyzed to find out whether the files (data) contain incriminating evidence. The depth of the analysis and investigation varies, from simple data retrieval to reconstructing a series of events.
File signature analysis examines the header and trailer of a file to identify its type regardless of the file extension, since the hexadecimal values of the starting (header) bytes and the ending (trailer) bytes are usually unique to a file type. In this case we are looking for the header and trailer bytes that would relate uniquely to a movie or patent content and so incriminate Jo. With the aid of the HxD tool, SysTools, and WinHex, file types can be identified and matched against the file types of the evidence obtained from Aaron's new computer (Jo's old computer), Jo's new computer, and the removable flash drives. For instance, the HxD tool is used to read the hexadecimal values, which are then matched against file type websites; one sequence of hexadecimal bytes is identified as rich text format, with the hexadecimal values considered as one byte.
After a thorough and detailed investigation of the four files, no files were found that relate uniquely to the movie and picture allegations Aaron brought to the police department. The case is therefore not incriminating enough to make Jo guilty of patent misconduct. Although the results were obtained by comparing and contrasting the existing file signature types with the signatures of the evidence files, the fact that only a few hexadecimal bytes are used makes the HxD tool less convincing, since the comparison does not run through the rest of the bytes (Yong, 2005). Data that is hidden deeper in a file can easily be left unseen by such tools. Hence there is a need to upgrade and find better tools for computer forensic analysts in the field to obtain more accurate data.
Aaron's misunderstanding or misinformation might be due to the lack of file signatures that correspond to the evidence found on the drives obtained from Jo. Had there been any related data that would incriminate Jo, the signatures in evidence would have corresponded to movie and picture signatures. The illegal access to or use of external data storage media (USB or flash disk) in the company would nevertheless have warranted more enquiries about the issue at hand, but in this case our main focus is to determine whether he is involved with illegal video and image data.
Given these facts, Jo is to be declared innocent, but further data analysis and mining should be conducted in the company to identify whether a third party is involved in this case. For instance, a colleague might have used illegal videos or image data through the switch and shared such data to Jo's old computer, which might have been in use at the time too.
The methodology for such a case is to download a system tool for drive data retrieval and analysis; in this case we use HxD, SysTools Hard Drive Data Viewer, WinHex, and others. By opening the evidence with this software, I obtain the signature bytes of the files in question, which here are the evidence obtained by the forensic department. The data has unique starting and ending sequences, usually expressed in hexadecimal, which form a byte. The hexadecimal values are then captured and compared against the file signatures found on file type websites, which list the signatures of the different data types. In this case the signatures are not similar to those of the existing video and image file types.
Through this method the analyst can use the evidence to determine whether the person under investigation is an accomplice to a crime or illegal activity. The software has various challenges, including simple ones such as not having preinstalled signature types to compare against. The software also does not perform a full analysis of the file data, only of the header and footer sequences used for signature identification.
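The header and trailer comparison described above, and the limitation that it never looks at the bytes in between, can be shown with a short script. This is an added example, not output or code from HxD, SysTools, or WinHex; the function names, the signature table (a small subset of well-known magic numbers), and the sample byte strings are all constructed for illustration.

```python
# Added example. The signature table is a small hand-picked subset of
# well-known magic numbers, not a complete database.
SIGNATURES = {
    # type: (header bytes, trailer bytes or None, usual extensions)
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9", {"jpg", "jpeg"}),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", {"png"}),
    "pdf": (b"%PDF-", None, {"pdf"}),
    "rtf": (b"{\\rtf", b"}", {"rtf"}),
}

def identify(data):
    """Header/trailer check only, as a manual hex viewer comparison does."""
    body = data.rstrip(b"\r\n\x00")  # ignore trailing padding and newlines
    for name, (head, tail, _) in SIGNATURES.items():
        if data.startswith(head) and (tail is None or body.endswith(tail)):
            return name
    return None

def scan_embedded(data):
    """Search the whole byte stream for known headers past offset 0.
    Short headers can match by chance, so hits are leads to verify."""
    hits = []
    for name, (head, _, _) in SIGNATURES.items():
        pos = data.find(head, 1)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(head, pos + 1)
    return sorted(hits)

def triage(filename, data):
    """Compare the claimed extension with the detected type and list embedded headers."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    detected = identify(data)
    return {
        "detected": detected,
        "extension_mismatch": detected is not None and ext not in SIGNATURES[detected][2],
        "embedded": scan_embedded(data),
    }

# Constructed sample inputs (not real evidence files).
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"constructed-pixels" + b"\xff\xd9"
SAMPLE_RTF = b"{\\rtf1\\ansi " + SAMPLE_JPEG + b"}"

if __name__ == "__main__":
    print(triage("notes.txt", SAMPLE_JPEG))  # image renamed to .txt
    print(triage("report.rtf", SAMPLE_RTF))  # image carried inside an RTF
```

The second sample passes the header and trailer check as an ordinary RTF file, while the full scan reports a JPEG header inside it, which is the gap a header-and-footer-only comparison leaves.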
With no reasonable doubt, given the lack of evidence to link Jo to the illegal video and image data, there is reason to believe that an extra device, either external or within the system, was used to tamper with the files. Since the old computer held incriminating evidence, there has to be a source for the data found on it; determining previously deleted files, or even questioning the accomplice in the case, would therefore lead to identification of the unknown external or foreign device.
Also, by analyzing the switch and identifying the devices that were previously connected to the network, one can determine which device shared information with Jo and what type of information was sent. The data signatures of the devices can be found in the switch history or in the list of last shared or linked devices on the computer (Jo's old computer) (Bajtos, 2018).
The seized evidence from Jo's previous and current gadgets, brought forward by Aaron, amounts only to allegations, which may be without basis or evident claims linking Jo to any of them. Nevertheless, with such allegations at hand, there is a possibility that the data was tampered with before the investigation was conducted or before the data was mined from the devices. Another possibility is that the computer was operated by a colleague without Jo's knowledge or consent. The last possibility is that an unauthorized individual from the same company tampered with colleagues' information.
With such speculation, there is a possibility that a different device was used, since the files presented do not have any signature bytes related to the illegal videos and image data. Through digital forensics websites, more investigation can be conducted into the various components of the organization to analyze authenticity and whether the computers were used to aid in the computer misconduct.
The credibility of the acquired data always depends on the methodology and procedure by which the data was mined from the evidence (Englbrecht, 2017). After thorough scrutiny and forensic investigation of the various devices related and connected to Jo's use that might have incriminated him, without further ado or doubt, no single piece of data or signature obtained from the files makes him an accomplice to any crime. The use of an external drive, however, makes the whole investigation think twice about the choice to make in such a scenario.
In conclusion, data analysis by the forensic team should have been done for the whole company, so that any additional or related criminal activity due to unauthorized access, or any cyber-criminal activity conducted on the system, would be found. Secondly, the allegations brought forward by Aaron should not have targeted Jo's devices alone; other data storage media should have been examined, since, for instance, an unauthorized user could have accessed Jo's files through the switch to produce this confusing information.
Kruse and Heiser, 2002. Computer Forensics. Addison-Wesley Professional.
Shi, Yong, 2005. Signature Files and Signature Files Construction. Encyclopedia of Database Technologies and Applications.
Bajtos, T., 2018. Network Intrusion Detection and Threat Agent Profiling. Security and Communication Networks, online publication.
Englbrecht, 2017. Enhancing Credibility of Digital Evidence through Provenance-Based Incident Response Handling. Proceedings of the Fourteenth International Conference on Availability, Reliability and Security.